hwcrypto: Add protectionIDs to keys

            enabled: true,

        },

    },

    frozen: false,

}

  android.hardware.security.see.hwcrypto.KeyPolicy getKeyPolicy();

  byte[] getPublicKey();

  android.hardware.security.see.hwcrypto.types.OpaqueKeyToken getShareableToken(in byte[] sealingDicePolicy);

  void setProtectionId(in android.hardware.security.see.hwcrypto.types.ProtectionId protectionId, in android.hardware.security.see.hwcrypto.types.OperationType[] allowedOperations);

}

/*

 * Copyright 2024 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

///////////////////////////////////////////////////////////////////////////////

// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //

///////////////////////////////////////////////////////////////////////////////

// This file is a snapshot of an AIDL file. Do not edit it manually. There are

// two cases:

// 1). this is a frozen version file - do not edit this in any case.

// 2). this is a 'current' file. If you make a backwards compatible change to

//     the interface (from the latest frozen version), the build system will

//     prompt you to update this file with `m <name>-update-api`.

//

// You must not make a backward incompatible change to any AIDL file built

// with the aidl_interface module type with versions property set. The module

// type is used to build AIDL files in a way that they can be used across

// independently updatable components of the system. If a device is shipped

// with such a backward incompatible change, it has a high risk of breaking

// later when a module using the interface is updated, e.g., Mainline modules.

package android.hardware.security.see.hwcrypto.types;

enum ProtectionId {

  WIDEVINE_OUTPUT_BUFFER = 1,

}

import android.hardware.security.see.hwcrypto.KeyPolicy;

import android.hardware.security.see.hwcrypto.types.OpaqueKeyToken;

import android.hardware.security.see.hwcrypto.types.OperationType;

import android.hardware.security.see.hwcrypto.types.ProtectionId;

interface IOpaqueKey {

    /*

     *      <code>HalErrorCode</code> otherwise.

     */

    OpaqueKeyToken getShareableToken(in byte[] sealingDicePolicy);

    /*

     * setProtectionId() - Sets the protectionID associated with the buffers where the operation

     *                     will be performed. A protection ID serves as a limitation on the key so

     *                     it can only operate on buffers with a matching protection ID.

     *                     The client calling this functions needs to have the necessary permissions

     *                     to read and/or write to this buffer. Setting this parameter means that

     *                     if the key is shared with a different client, the client receiving the

     *                     key will be limited in which buffers can be used to read/write data for

     *                     this operation.

     *

     * @protectionId:

     *      ID of the given use case to provide protection for. The method of protecting the buffer

     *      will be platform dependent.

     * @allowedOperations:

     *      array of allowed operations. Allowed operations are either READ or WRITE.

     *

     * Return:

     *      service specific error based on <code>HalErrorCode</code> on failure.

     */

    void setProtectionId(in ProtectionId protectionId, in OperationType[] allowedOperations);

}

/*

 * Copyright 2024 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package android.hardware.security.see.hwcrypto.types;

/*

 * Enum describing the different types of protected buffers. Protected buffers are named by its

 * corresponding use case and its underlaying implementation is platform dependant.

 */

enum ProtectionId {

    /*

     * ProtectionID used by HwCrypto to enable Keys that can be used for Widevine video buffers.

     * These buffers should not be readable by non-trusted entities and HwCrypto should not allow

     * any read access to them through its interface.

     */

    WIDEVINE_OUTPUT_BUFFER = 1,

}